Jump to content

Recommended Posts

Hi,

 

I'm creating a remember me feature for my site which obviously sets a cookie and when the visitors loads the site again,he would already be logged in.

 

This is a part of the code which is related :

$login_email	= request_var('login_email', '');
$login_password	= request_var('login_password', '');
$login_remember	= (isset($_POST['remember']) && $_POST['remember'] == 1) ? true: false;

setcookie('login_email', $_POST['login_email'], time()+60*60*24*365, '/','localhost',false);
setcookie('login_password', md5($_POST['login_password']), time()+60*60*24*365, '/','localhost',false);

 

HTML:

<strong class="normal"><input type="checkbox" name="remember" value="1">Remember</strong>

 

 

Link to comment
https://forums.phpfreaks.com/topic/257981-remember-me/
Share on other sites

Hi,

Try use this code to set cookies:

setcookie('login_email', $_POST['login_email'], time()+60*60*24*365, '/');
setcookie('login_password', md5($_POST['login_password']), time()+60*60*24*365, '/');

In the code that gets values for login, check if there is the cookie to get the value from it

$login_email	= isset($_COOKIE['login_email']) ? $_COOKIE['login_email'] : request_var('login_email', '');
$login_password	= isset($_COOKIE['login_password']) ? $_COOKIE['login_password'] : request_var('login_password', '');[/code

Link to comment
https://forums.phpfreaks.com/topic/257981-remember-me/#findComment-1322308
Share on other sites

Seems to be working..not sure..

 

To call the cookie I use:

 

if (empty($login_errors) && !$register_submit && logged_in() && !isset($_COOKIE['imgit_note']) || isset($_COOKIE['login_email']) && isset($_COOKIE['login_password']))
{
	echo '<div class="info" id="welcome_back">Welcome back <span class="capitalize">' . get_username() . '</span>
}

 

For some reason the username is Guests and the account isn't logged in. it only shows that the log in was successful.

Link to comment
https://forums.phpfreaks.com/topic/257981-remember-me/#findComment-1322310
Share on other sites

You should never store a username (email) / password in a cookie (even if it is hashed)! If I was to steal that cookie I would have: 1. access to your website, 2. the users email address. You should only store the user's ID (in the database), along with an access token. Read from the following url. The person does mention the username in a cookie but really that should be the user's ID

 

http://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website

 

Most of the tutorials you see on the Internet for this do tell you to store usernames / passwords in cookies for a remember me option. They should be avoided at all costs and are written by people who don't care about the security of a website.

Link to comment
https://forums.phpfreaks.com/topic/257981-remember-me/#findComment-1322365
Share on other sites

Well didn't you say earlier that the username was set as Guest?

 

All security exploitable possibilities aside, I'd like to at least get your script to work, then you can worry about security later.

 

When you log in when clicking the remember me checkbox or whatever you use, does the username and password get stored properly in the cookies login_email and login password?

 

Once you get the correct information to set the appropriate cookies, you would then check if the cookies exist to find out whether or not to log the user in.

 

Some people think, well I have a login script, and if they set a cookie and I check those cookies then I'll display their username.  That's fine in theory, but not in logic.

 

Once you properly set the cookies, you script needs to check for those cookies, if the email and password match an existing users record, then you need to make a code that logs them in, not just displays their username from the cookie.  Otherwise, you're telling them who they are and such by the cookie, but their logged in data has still not been set.

Link to comment
https://forums.phpfreaks.com/topic/257981-remember-me/#findComment-1322459
Share on other sites

Well didn't you say earlier that the username was set as Guest?

 

All security exploitable possibilities aside, I'd like to at least get your script to work, then you can worry about security later.

 

When you log in when clicking the remember me checkbox or whatever you use, does the username and password get stored properly in the cookies login_email and login password?

 

Once you get the correct information to set the appropriate cookies, you would then check if the cookies exist to find out whether or not to log the user in.

 

Some people think, well I have a login script, and if they set a cookie and I check those cookies then I'll display their username.  That's fine in theory, but not in logic.

 

Once you properly set the cookies, you script needs to check for those cookies, if the email and password match an existing users record, then you need to make a code that logs them in, not just displays their username from the cookie.  Otherwise, you're telling them who they are and such by the cookie, but their logged in data has still not been set.

 

Your post explains exactly what I did wrong !

 

The values are stored correctly in two cookies,but I guess only checking for the cookies won't display their username.

 

How do I do what you explained in the last paragraph ?

 

Thanks a lot mate.  ;)

Link to comment
https://forums.phpfreaks.com/topic/257981-remember-me/#findComment-1322726
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.